Remote MySQL backend encryption
jdennis at redhat.com
Mon Apr 26 21:04:17 CEST 2010
On 04/26/2010 01:57 PM, Eric.Hernandez at allegiantair.com wrote:
> I am trying to figure out if need to encrypt my traffic from a
> FreeRadius server to a remote MySQL backend.
> I have the following setup.
> FreeRadius/MySQL (Server1)
> FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL
> Master to Master (ssl) Replication
> Now I want to add a third FreeRadius server without a local MySQL Backend.
> So this third server will point to either Server1 or Server2 which runs
> MySQL but will these request be sent to the remote MySQL Servers in
> clear text?
This has nothing to do with how many MySQL servers you've got or how
you're doing replication, encryption occurs on a per connection basis
(e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never
opens an encrypted session with it's server because rlm_sql_mysql does
not have an option to set SSL/TLS transport (e.g. does not call
mysql_ssl_set()). That probably would be a good feature to add.
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
More information about the Freeradius-Users